Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

Passwords are not secure with master password

  • 3 replies
  • 4 have this problem
  • 34 views
  • Last reply by Vilko

Vilko
Vilko
more options

First, I love how much better the Android version has become. Privacy is really important to me and I've been wanting to switch back to Mozilla for a long time, but some bugs prevented me to do so. Now it's close to perfect, but really don't understand what is the logic behind the way the password manager was implemented, and it's a major no-go for me. The purpose of a master password should be that it is asked EACH time you try to show the passwords in plain text (in the settings), not once per session (which is also very annoying since the purpose of the password manager is to prevent you from having to enter passwords).

In other words:

If I enter my master password but leave the computer turned on or my cell phone on the table without closing Firefox (which most people do), then someone can go to my setting and have a plain text version of all my passwords instantly, which is pretty bad. The other thing is that while I understand that SOME people might want to enter their master password once per session, most people don't care about this and find this actually annoying and this should be optional. This is actually beating the purpose of the password manager which is NOT to have to enter any password. They are masked, and I do not care if someone opens my browser and views my facebook. What I really care about however is that they shouldn't be able to go to my settings and have an easy access to all my passwords in plain text!

So having to enter your password every session should be an option, while having to enter your password should be mandatory each time you open the password manager itself (or at least optional!). What a major security flaw for a browser that prides itself on privacy...

First, I love how much better the Android version has become. Privacy is really important to me and I've been wanting to switch back to Mozilla for a long time, but some bugs prevented me to do so. Now it's close to perfect, but really don't understand what is the logic behind the way the password manager was implemented, and it's a major no-go for me. The purpose of a master password should be that it is asked EACH time you try to show the passwords in plain text (in the settings), not once per session (which is also very annoying since the purpose of the password manager is to prevent you from having to enter passwords). In other words: If I enter my master password but leave the computer turned on or my cell phone on the table without closing Firefox (which most people do), then someone can go to my setting and have a plain text version of all my passwords instantly, which is pretty bad. The other thing is that while I understand that SOME people might want to enter their master password once per session, most people don't care about this and find this actually annoying and this should be optional. This is actually beating the purpose of the password manager which is NOT to have to enter any password. They are masked, and I do not care if someone opens my browser and views my facebook. What I really care about however is that they shouldn't be able to go to my settings and have an easy access to all my passwords in plain text! So having to enter your password every session should be an option, while having to enter your password should be mandatory each time you open the password manager itself (or at least optional!). What a major security flaw for a browser that prides itself on privacy...

Chosen solution

I have found a solution to my problem : an open source software for managing passwords that integrates seamlessly with Firefox and offers cloud sync on multiple platforms, it's called BitWarden. I'll use this instead and turn off password managing in Firefox, and keep using Firefox sync to sync my other data.

Read this answer in context 👍 1

All Replies (3)

Kevin
Kevin
  • Moderator
more options

Set the master password timeout in about:config. Search for signon.masterPasswordReprompt.timeout_ms and set it to 1000 for 1s timeout or whatever value you are comfortable with.

Vilko
Vilko Question owner
more options

Thank you for your reply. If I understand correctly however, while this solves half of the issue, this makes the other half worse, because now I will have to enter my password every time I load a page that requires credentials, whereas the purpose of a password manager is to not have to enter any password

Vilko
Vilko Question owner
more options

Chosen Solution

I have found a solution to my problem : an open source software for managing passwords that integrates seamlessly with Firefox and offers cloud sync on multiple platforms, it's called BitWarden. I'll use this instead and turn off password managing in Firefox, and keep using Firefox sync to sync my other data.